Compare method to join vcsa to AD Active Directory (AD or AD over LDAP)

I just started to learn this and wonder which method is better.

1. Joining vcsa SSO to AD via Active Directory (Integrated Windows Authentication): will require a reboot (need to reboot all vcsa in a cluster?), can only join to one AD, AD trust to consider, should join to the root of the forest.

2. Joining vcsa via AD over LDAP: no reboot, can join to multiple AD, any AD trust to consider?… Does this mean a workstation joined to a domain can’t just use SSO (like, must provide account and password all the time)?

Identity Sources for vCenter Server with vCenter Single Sign-On

Extracted from the above link:

“Active Directory over LDAP. vCenter Single Sign-On supports multiple Active Directory over LDAP identity sources. This identity source type is included for compatibility with the vCenter Single Sign-On service included with vSphere 5.1. Shown as Active Directory as an LDAP Server in the vSphere Client.”

 

Does this mean this is included mainly to be compatible with vCenter SSO vSphere 5.1, and we should use Active Directory (Integrated Windows Authentication) instead if there isn’t vSphere 5.1 around?

If so, why? Because it is easier?

Thanks!
